
ngo-geeks team mailing list archive

[Bug 508647] [NEW] Insufficient spam protection

 

*** This bug is a security vulnerability ***

Private security bug reported:

There is no protection against spammers registering and there is insufficient protection against spammers commenting (only a honeypot field). 
A few possible solutions:

#. Prevent more than one registration or comment from the same IP address every hour.
#. Implement reCAPTCHA for registration. Will this be sufficient to prevent comment spam?
#. Hook up to Akismet.
#. Search for URLs in comments and mark those comments as spam (will require warning on article page for non-spam users).

** Affects: publicationmanager
     Importance: Critical
     Assignee: Nathan Geffen (nathangeffen)
         Status: Confirmed

** Changed in: publicationmanager
   Importance: Undecided => Critical

** Changed in: publicationmanager
       Status: New => Confirmed

** Changed in: publicationmanager
     Assignee: (unassigned) => Nathan Geffen (nathangeffen)

-- 
Insufficient spam protection
https://bugs.launchpad.net/bugs/508647
You received this bug notification because you are a member of NGO
Geeks, which is a direct subscriber.

Status in Manage and Present Beautiful Publications: Confirmed
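
The sketch below is an added example, not part of the original bug report and not publicationmanager code. It combines three of the measures listed above (the existing honeypot field, one submission per IP address per hour, and holding comments that contain URLs) in a single gate. The `CommentGate` class, its method names and the in-memory store are assumptions made for illustration.

```python
import re
import time

WINDOW_SECONDS = 3600  # one registration or comment per IP per hour, as proposed

# Matches explicit links only (http://, https://, www.); bare domains are not caught.
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.IGNORECASE)


class CommentGate:
    """Hypothetical helper: returns (decision, reason) for one submission."""

    def __init__(self, window=WINDOW_SECONDS, clock=time.time):
        self.window = window
        self.clock = clock
        # ip -> time of last submission let through. In-memory for the example;
        # a multi-process deployment needs a shared cache or database table.
        self.last_seen = {}

    def check(self, ip, body, honeypot=""):
        now = self.clock()
        # Drop expired entries so the table does not grow without bound.
        for seen_ip in [i for i, t in self.last_seen.items() if now - t >= self.window]:
            del self.last_seen[seen_ip]

        # 1. Honeypot: the hidden field must stay empty for human submissions.
        if honeypot.strip():
            return "reject", "honeypot field filled"

        # 2. Per-IP rate limit. Users behind a shared NAT or proxy share one
        #    address, so a rejection should be shown as "try again later".
        last = self.last_seen.get(ip)
        if last is not None:
            wait = int(self.window - (now - last))
            return "reject", "rate limit: retry in %d s" % wait
        self.last_seen[ip] = now

        # 3. URL check: hold for moderation instead of publishing or deleting.
        if URL_RE.search(body):
            return "moderate", "contains URL"
        return "accept", ""


if __name__ == "__main__":
    gate = CommentGate()
    # Constructed sample submissions (documentation-range IP addresses).
    print(gate.check("203.0.113.5", "Thanks for the article."))
    print(gate.check("203.0.113.5", "Second comment a moment later"))
    print(gate.check("198.51.100.7", "Cheap pills at http://example.com/buy"))
```

Rejected submissions do not reset the timer, so a legitimate user who retries early is not pushed further back.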
